Audit

The Audit tab provides a complete overview of audit events generated by AppControl and supported hosting platforms. These events give you visibility into changes, access, and system activity across your apps and environments, supporting traceability, compliance monitoring, and incident analysis.

Where the Logs tab focuses on technical runtime messages, the Audit tab focuses on governance-relevant events — structured records of actions, state changes, and control outcomes across the lifecycle of your applications.

View all audit event types supported by AppControl.

What You See in the Audit Tab

The Audit tab displays a filterable list of audit events across your selected scope.

Each event includes:

• App – The application the event relates to

• Environment – The environment (e.g., Production, Acceptance)

• Event ID – Unique identifier of the audit event

• Timestamp – When the event occurred

• Event Type – The classification of the event (e.g., CONTROL_FAILED, REVISION_CHANGED)

• Actor – The user or system responsible for the event

• Event Source – The originating system (e.g., SYSTEM, hosting platform)

• Event Details – Structured metadata describing the event

The table can be filtered by any of these fields to narrow the view to specific apps, environments, actors, or event types.

Filtering and Investigation

You can filter audit events by:

• App

• Environment

• Event ID

• Date / time range

• Event type

• Actor

• Event source

• Event detail content

This makes it possible to:

• Investigate a specific incident

• Review all control failures in a given period

• Trace changes in a specific environment

• Analyze activity performed by a particular actor

• Support internal audits or external compliance reviews

Audit events are stored as structured data, enabling consistent filtering and export.

Event Types

Audit events are categorized by Event Type. Examples include:

• CONTROL_FAILED

• CONTROL_PASSED

• REVISION_CHANGED

• (additional event types are documented below)

Each event type represents a specific governance-relevant occurrence within the lifecycle of an app or environment.

A complete overview of supported event types and their meaning is provided in the table below.

Relationship to Compliance Policies

Compliance Policies (such as GOV_0001 – Change Management) analyze audit events to determine whether governance controls are functioning as expected.

For example:

• A missing approval before deployment may result in a CONTROL_FAILED event.

• A revision update may generate a REVISION_CHANGED event.

• Access-related actions may generate user or system activity events.

Audit events therefore form the evidence layer used by Compliance Policies to continuously assess control effectiveness.

Exporting Audit Data

You can export audit events directly from the Audit tab.

Exports can be used for:

• Internal governance reporting

• External audits

• Incident documentation

• Long-term record keeping

Exports reflect the current filter selection, allowing you to extract only the relevant subset of events.

How Audit Differs from Logs

Both tabs complement each other:

• Logs help you understand what happened technically.

• Audit helps you understand what happened from a governance and control perspective.

Using Audit in Practice

Typical use cases include:

• Reviewing failed controls after a release

• Preparing evidence for ISO 27001 or SOC 2 audits

• Investigating unexpected changes in Production

• Monitoring change management adherence

• Tracing user or system activity over time

The Audit tab provides a structured, centralized, and exportable record of lifecycle activity across your Mendix landscape.

Audit Event Types

The following audit events are generated by AppControl: